The first version of the FIDO Alliance standard has been published to enable service providers, enterprises and device manufacturers to offer stronger authentication that is more secure and easier to use.
Removing the need for usernames and passwords, the FIDO Alliance 1.0 draft of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F), enables members to implement and market solutions around FIDO-enabled strong authentication, and non-members to freely deploy those solutions.
The concept is around a common standard on lower implementation costs, strong consumer privacy, end-to-end security enhancements and reduced user friction within authentication by developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
FIDO Alliance also said that it is nearing completion of extensions that will incorporate Near Field Communications (NFC) and Bluetooth into the range of FIDO capabilities.
Michael Barrett, president of the FIDO Alliance, said: “Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die. FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.”
The FIDO (Fast IDentity Online) Alliance was launched in February 2013 with six founding members – Nok Nok Labs, Lenovo, Infineon, PayPal, Agnitio and Validity, and now counts over 150 members worldwide in the areas of mobile devices, banking, operating systems, authentication technology, and healthcare and many more.
FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on singlefactor username and password login. Specifications outline a new standard for devices, servers and client software, including browsers, browser plugins, and native app subsystems. Any website or cloud application can interface with a broad variety of existing and future FIDOenabled authenticators, ranging from biometrics to hardware tokens, to be used by consumers, enterprises, service providers, governments and organizations of all types.
Phillip Dunkelberger, President and CEO of FIDO Alliance founder member Nok Nok Labs, said: “As a founding member of FIDO Alliance, we recognise the demand in the market for a unified solution to allow for a more secure yet simpler experience. This announcement is about the industry coming together and to solve a major problem and showing that a 50 year-old convention has outlived its usefulness.”
Dunkelberger told IT Security Guru recently that FIDO Alliance about someone trying to do something about the authentication problem, to make authentication easier to use with better security underneath, and step by step, it is about building blocks and doing it the right way.
